[Bug 1067992] New: libzypp 17.0.0 - Failed to import key
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992 Bug ID: 1067992 Summary: libzypp 17.0.0 - Failed to import key Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: libzypp Assignee: zypp-maintainers@forge.provo.novell.com Reporter: dimstar@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- TW/Staging:I currently contains the libzypp 17.0.0 upgrade (and nothing else) This braks all test scenarios, as it fails to import keys Sample test run: https://openqa.opensuse.org/tests/532085#step/installation_mode/2 (there are y2logs attached to the openQA run, e.g. https://openqa.opensuse.org/tests/532085/file/installation_mode-y2logs.tar.b... ) These failures block the update of libzypp at this time -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c1
Michael Andres
PublicKey.cc(readFromFile):538 Read pubkey from /var/tmp/TmpFile.3rA0OC: [EA649FE2969A1C06-59d8d05a] [openSUSE:Factory:Staging OBS Project openSUSE:Factory:Staging@build.opensuse.org] [expires: 2019-12-16] ExternalProgram.cc(start_program):252 Executing '/usr/bin/gpg2' '--import' '--homedir' '/var/tmp/zypp.Ek7TN5/zypp-general-krC6Q4Nz' '--no-default-keyring' '--quiet' '--no-tty' '--no-greeting' '--no-permission-warning' '--status-fd' '1' '/var/tmp/TmpFile.3rA0OC' ExternalProgram.cc(start_program):415 pid 4143 launched ExternalProgram.cc(checkStatus):509 Pid 4143 exited with status 2 Exception.cc(log):166 KeyRing.cc(importKey):555 THROW: Failed to import key.
Hmm, gpg returns 2 without telling something. Andreas, do you happen to know what the 2 wants to indicate? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c2
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c3
--- Comment #3 from Michael Andres
[GNUPG:] KEY_CONSIDERED 4E98E67519D98DC7362A5990E3A5C360307E3D54 0 [GNUPG:] IMPORTED E3A5C360307E3D54 SuSE Package Signing Key
[GNUPG:] IMPORT_OK 1 4E98E67519D98DC7362A5990E3A5C360307E3D54 gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory gpg: can't connect to the agent: No such file or directory [GNUPG:] KEY_CONSIDERED FEAB502539D846DB2C0961CA70AF9E8139DB7C82 0 [GNUPG:] IMPORTED 70AF9E8139DB7C82 SuSE Package Signing Key [GNUPG:] IMPORT_OK 1 FEAB502539D846DB2C0961CA70AF9E8139DB7C82 gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory gpg: can't connect to the agent: No such file or directory [GNUPG:] KEY_CONSIDERED AF981CECD97D5063A79EBE8A5EAF444450A3DD1C 0 [GNUPG:] IMPORTED 5EAF444450A3DD1C SuSE Package Signing Key (reserve key) [GNUPG:] IMPORT_OK 1 AF981CECD97D5063A79EBE8A5EAF444450A3DD1C gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory gpg: can't connect to the agent: No such file or directory [GNUPG:] IMPORT_RES 3 0 3 0 0 0 0 0 0 0 0 0 0 0 0 2 [GNUPG:] IMPORT_OK 0 4E98E67519D98DC7362A5990E3A5C360307E3D54 [GNUPG:] IMPORT_OK 0 FEAB502539D846DB2C0961CA70AF9E8139DB7C82 [GNUPG:] IMPORT_OK 0 AF981CECD97D5063A79EBE8A5EAF444450A3DD1C [GNUPG:] IMPORT_RES 3 0 0 0 3 0 0 0 0 0 0 0 0 0 0 0
It's a gpg issue. The very first import (empty gpg home dir) fails, probably because the (IMO not needed) gpg-agent cant' be started. The instsys seems to use gpg 2.2.1. On my TW install gpg 2.2.2 is able to inport the keys even if I remove the gpg-agent. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c4
--- Comment #4 from Dominique Leuenberger
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c5
--- Comment #5 from Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c9
--- Comment #9 from Dominique Leuenberger
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c10
--- Comment #10 from Michael Andres
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory gpg: can't connect to the agent: No such file or directory
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c11
Michael Andres
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c12
--- Comment #12 from Michael Andres
It seems to be just the 1st call (which also creates the pubring.kbx) that tries to launch the agent and fails:
No. The 2nd call succeeded because the 1st call (despite returning 2) imported the keys. So it was nothing to do. Importing an new key will constantly fail with `2`. As gpg --no-use-agent does not work (mann: This is dummy option. gpg2 always requires the agent.) the only workaround IMO is to put the gpg-agent into the instsys. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c14
--- Comment #14 from Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c15
--- Comment #15 from Michael Andres
in September. So this issue existed before, but only hit libzypp due to the changed sequence of calls I presume.
No, libzypp<17.0.0 failed to check the return code, that's why the error was not raised. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c16
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c17
--- Comment #17 from Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c18
Michael Andres
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992
http://bugzilla.opensuse.org/show_bug.cgi?id=1067992#c19
Dominique Leuenberger
@Dominique: So the cleanest solution would IMO be to add the gpg-agent to the instsys, so gpg can launch it, if it feels in need to do so. The 2nd best option is to use --no-autostart, but actyually zypp does not want to determine wheter the agent is needed or not.
I don't see an issue with option 1 - let's see if Steffen agrees there -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com